BABEŞ-BOLYAI UNIVERSITY OF CLUJ-NAPOCA

FACULTY OF ECONOMICS AND BUSINESS ADMINISTRATION

BUSINESS INFORMATION SYSTEMS DEPARTMENT

PhD. Thesis Summary

SOFTWARE DEVELOPMENT AND RISK MANAGEMENT IN COMPLEX PROJECTS

Scientific Advisor: PhD. Ștefan Ioan NIȚCHI, Professor

PhD. Student: Dan BENȚA

September, 2011

2

Abstract

Using knowledge applied in the business environment, we developed a basic framework for risk management that is easy adaptable to different types of projects. This research generates knowledge to solve real-life problems in terms of projects implementation and compliance with deadlines. This work presents awarded theories from Economics and successfully implemented in Informatics.

A set of practices and standards for risk management helps managing risks during project lifecycle. The main approaches as guides or standards that offer valid frameworks to manage risks in complex projects are in continuous development and evolution. A proper risk management plan is recommended to deliver projects on predefined costs, time, and quality. Developing a tool for risk management involves a set of internal and external aspects. We present our own framework and developed software. Results from our internship are presented as the collaboration between the university and business environment.

Keywords: risk management, risk identification, risk mitigations, risk evaluation, software development, software development life cycle, traditional and agile methods, Reference Class Forecasting, implementation, organizational culture, group development

3

Contents

Introduction ................................................................................................................................ 4 

1.  Risk management in software development projects ......................................................... 5 

1.1.  Risk management standards ........................................................................................ 6 

1.2.  Risk management theories in our approach ................................................................. 6 

1.3.  Best practices for risk management ............................................................................. 7 

1.4.  Conclusions ................................................................................................................. 8 

2.  Agile software development and team building for on-time projects ................................ 9 

2.1.  Software development life cycle and methods ............................................................ 9 

2.2.  Team building in achieving project goal ................................................................... 10 

2.3.  Conclusions ............................................................................................................... 11 

3.  Our approach and results .................................................................................................. 11 

3.1.  Steps for risk management framework ...................................................................... 12 

3.1.1.  Need for this approach ....................................................................................... 12 

3.1.2.  Proposed and implemented framework .............................................................. 12 

3.2.  Software implementation ........................................................................................... 14 

3.2.1.  Conceptual background for developed software solution .................................. 14 

3.2.2.  Developed software solution and results ............................................................ 15 

3.3. Conclusions ................................................................................................................... 24 

4.  Final remarks and future work ......................................................................................... 24 

4.1.  Personal contributions ............................................................................................... 25 

4.2.  Directions for future work ......................................................................................... 26 

4.3.  Author's bibliography ................................................................................................ 27 

PhD. Thesis Bibliography ........................................................................................................ 29 

4

Introduction

By definition, project risks are uncertain events or conditions that, if occurs has a negative effect on project’s objectives. Contrasting, positive uncertain events are called opportunities. More, risk management aims its practices to be tailored to the project and congruent with the organizational culture, processes and assets. Risks are unequally important, that's why it is very important to filter and prioritize risks for further attention. Risk management is essential to successful project management and aims to identify and prioritize risks in advance of their occurrence, and provide action-oriented information to project managers. This orientation [98] requires consideration of events that may or may not occur and are therefore described in terms of likelihood or probability of occurrence in addition to other dimensions such as their impact on objectives.

This work well defines risk management and its' role in a project lifecycle. Most often used standards and frameworks are identified and presented. After an identification of best practices for risk management we have adapted an existing standard and developed our own framework for risk management. Factors that may influence risk management integration in general project management plan are presented. Identified practices and factors are result of collaboration between university and business environment from our internship. We clearly point methods used in our software development project and main agile components to succeed. Based on this theoretical background we present our developed software solution. Throughout this work we give practical examples and own case studies.

In our research we were involved in a software development project for risk management. In the present paper is presented the architecture and developed software solution with relevant results. We consider that this approach fits customer requirements and provide significant results to avoid delays in projects by early identifying of risks to deliver projects in predefined costs, time and quality. A software application for risk management helps us to identify, mitigate, and evaluate risks in order to deliver projects in contractual terms and parameters without any penalties; delays in projects are not desirable. Choosing the best methodology for software development depends on several factors as project size and complexity, level of innovation, internal and external factors, available technology, organizational culture or project and team considerations. Agile software development methods are accepted worldwide as cost-effective and time-sensitive methodologies for software development in organizations to face the new challenges in this competitive environment. Adopting an agile approach produce higher-quality products designed to meet customer requirements in a better way and at a lower cost than in traditional approaches but to succeed is not enough to understand the agile approach. “Changing practices is one thing; changing minds is quite another” [38]. It is hard to become agile but it worth. We adopted an agile methodology for our research and project implementation. Our methodology is also focused on team building and task-oriented actions. Considering this, we take into account Scrum as best approach.

The objective of this thesis is to identify, analyze and characterize project risk management frameworks and standards and to present and classify traditional and agile software development approaches. Second, it identifies and presents theories behind Risk Management; we decide best approach in our research and point our own opinions and contributions in terms of risk management and agile methods. After a literature review, analyzes and studies we build our own project risk management framework. We also

5

present best practices for risk management and describe our approach and software development for risk management.

This thesis is structured in 4 main chapters. After a brief introduction, Chapter 1 introduces project risk management aspects highlighting on its proactive aspect. Our main focus is on PMBOK Guide developed by Project Management Institute in a Practice Standard for Project Risk Management [95], [98]. Theories behind this research and adopted approach for Project Management based on our experience in the business environment are pointed. Best practices for risk management from our experiences are described. In Chapter 2 we present the software development life cycle with traditional software development methods as Waterfall Approach [102], Prototyping Approach [113], Spiral Approach [24], Incremental Approach [77], and Rapid Application Development (RAD) Approach [82]. Following, we identified and listed the agile development approaches focusing on Extreme Programming (XP) [8] and Scrum [121], [105] and Capability Maturity Model Integration approach for development that helps organizations to achieve the project objectives by improving practices and measures the business and company maturity. Our focus is on work meetings and group development. In Chapter 3 we present a general valid framework for project risk management highlighting that the presented framework is derived from condensing knowledge from industrial large projects; it is the result of collaboration between university and business environment. This chapter presents our approach and our software developed for risk management to succeed in risk identification phase and to reduce or avoid delays for future projects. As stated in [52], a main problem in major investment projects is a high incidence of cost overruns and benefit shortfalls caused by optimism bias and strategic misrepresentation in early project development. Finally, in Chapter 4 we present our final remarks, our contributions and perspectives for future work in terms of risk management and software development.

Chapter 1

1. Risk management in software development projects

This chapter provides a complete definition of project risk and its roots with a clear presentation of risk management approaches and existing standards for project risk management. In our approach, a complex project is structured in three main phases: sales or acquisition, project execution or implementation and project closure and service preparation. In most cases, the execution team is distinct to the acquisition phase, reason why risk management should be integrated part in project management in every phase and in every process group. Starting with the definition, risks are uncertain events (Figure 1) which when occur have negative effect on at least one project goal – e.g., time, costs, contents or quality. Contrasting, the positive variability is desired and is called opportunity. Despite the simple explanation, the project managers often include into risks area the problems and technical or organizational issues. It is well to note: the risks are potential events in future which did not occur yet (while problems are risks that occurred). Risks are characterized by probability, always less than 100% and impact measured in changes of the objectives. Risks may be measured in costs (monetary risks) in time (delay risks for time management) or quality (usually affecting contracts thru monetary cost of improvement) [17]. Concerning risks in project management, a risk is considered to have at least one cause and at least one effect.

6

In a muand basdescribecurrentspace. Ffor projrelevantmajor pbecominprocess Body ofconcern(mitigat

1

A numbAs well

P P I A P

We conproject software[69] to mis hardwpoliciesmore sthroughidentifieimproveavailabl

1

Our appof utilitrisk mamanagerisk mamileston

Figur

ultidimensiosed on the sed as the dt situation (For this reaject. In the t in terms o

project mileng integral group. Pro

of Knowledned with contion process

1.1. Risk m

ber of compl, a few auth

PMBOK GPRAM (ProIRM StandaAustralian aPRINCE2 (

nsider that stakeholdee developmmake the beware or softs. Tools andstability anhout a projeed, the more project ele. More un

1.2. Risk m

proach for Rty theory [2

anagement. ement is theanagement nes during

re 1 - Cause, U

onal space ostakeholderdistance be(or the perc

ason, targetssales phasef Project Ri

estones and part of eveoject Mana

dge) Guidenducting ids), and moni

managemen

panies and hors identifi

uide develooject Risk Aard jointly dand New Ze(PRojects IN

PRM activirs; this pro

ment projectest choice atware, need d techniquend are morect life cyclre realistic evolution. P

nknown aspe

managemen

Risk Manag23], [62] anAs projects uncertaintis the key project and

Uncertain Ev

of the projecrs evaluationetween the

ceived curres require to e of projectisk Managehence be i

ery aspect ogement Ins

– Fourth dentificationitoring & co

nt standard

institutes hied some of

oped ProjectAnalysis anddeveloped bealand StanN Controlle

ities and plocess contint we need

and to propoto integrate

s for projecre sustainale. The earlthe projec

Project plaects become

nt theories i

ement focund prospecs are uniquety which is to succeed

d/or the end

vent which is

ct objectiven, the proje

e objectiveent situation

be well dets, each largement (PRMincluded in of managingstitute PMI®

Edition dn of risks, aontrol of ris

s

have definedf them [109]

t Managemd Managemby The Instindard, AS/Ned Environm

lans are denues througto clearly i

ose the best e [22], [13]ct risk manaable. A risrlier in the ct planninganning proge known.

in our appr

uses on probct theory [7e in time aninevitable i

d in compld of project

Risk if may

es (or expecect passes as (or stake

n) in the uppefined, well ge project c

M). Risk maproject pla

g the projec® in the PMdefines Risanalysis of isks.

d standards]; the most i

ent Institutement) Guide itute of Risk

NZS 4360:20ments) meth

eveloped anghout the pidentify andsolution. A into compaagement evsk managemproject lifewill be. R

gresses and

roach

bability theo71], [72] as nd trajectorin a projectlex projectsts may be c

produces an

ctations), dua trajectory eholder expper describe

known, ancrosses seveanagement sans and opect, in every MBOK® (Prk Managemimpact (eva

and methoimportant ar

e [131]; [125];

k Manageme004 [136]; odology [13

nd are the rproject life d define co

Any proposeany structur

volve while ment appro cycle that

Risk managed more inf

ory and makmain roots

ry, another m; from this rs. Based oncategorized

Effect

uring projec[17]. Risk

pectations) ed multidimnd well docueral phases should be aperational dophase and

Project Manment as paluation), re

odologies foare listed bel

ment (IRM) [

32].

responsibilitcycle (PLC

ompany preed solution, re and to rethe princip

oach is apt a risk or rement contformation b

kes a brief os and influemain aspecreason, a p

on utility fud in what ar

ct phases may be and the

mensional umented that are

pplied at ocuments

in every agement

processes esponses

or PRM. low:

[135];

ty of all C). In a

eferences whether

espect its ples have pplicable risks are tinues to becomes

overview ences for ct of risk roactive unction, re called

7

soft-deadline and hard-deadline [96]. Existing risk analysis methodologies observe risks from monetary terms. The typical risks are correlated with an increase in final project costs. In order to estimate hard-deadline milestones and/or end of projects or programme is critical to employ the time dimension rather than the typical cost-based risk analysis. Economists distinguish between cardinal utility and ordinal utility, the last being a rank-comparison of: options, contracts, projects, execution quality etc. In risk assessment activities, customer made already a decision that company “YZ” is executing the project. Therefore, the cardinal utility function over time is more appropriate, while ordinal utility may captures only ranking and not strength of preferences. Clear examples of projects with soft deadline are software development projects. In many cases a projects should be funded even if deadline expires because when it is finished still generates benefits. Contrasting situation which may be described as soft deadline, certain projects have hard deadlines. In more rigorous way, the concept of deadline is a time at which the value of the utility function falls to zero. A typical example of hard-deadline would be to build a stadium for future Olympic Games. If achieved weeks after the designed Olympic Games, the utility function drops to negative values represented by investment costs and loss at customer. The prospect theory was defined by Daniel Kahneman and Amos Tversky [71], [72] and is the basic theory in Reference Class Forecasting. Reference Class Forecasting for a particular project requires the following three steps [52]:

Identification of a relevant reference class of past, similar projects; Establishing a probability distribution for the selected reference class; Comparing the specific project with the reference class.

Those theories, that helped Kahneman win the 2002 Nobel Prize in Economics, are based on some well-observed deviations from rationality.

1.3. Best practices for risk management

Based on the industrial practice, this chapter outlines strategies to identify, prioritize, and mitigate risks for achievement of project’ or organizational objectives. Risk is typically represented based on probability vs. impact. Here is the summary of our recommendations where to look for sources of variability in risk management: event-risks which infers with the project; intrinsic variability in terms of costs/duration; correlations on events and variability; environmental changes during the project. Project risk management requires that all other management processes as planning, resource allocation, budgeting, to be performed at the level of the best practices available. Risk management adds the perspective of project risk to the outputs of those other processes and adds to their value by taking risk into consideration. For meaningful results it is imperative that risk management to be applicable throughout a project’s life cycle.

Risk identification step: A risk cannot be managed unless it is first identified. The first step in the iterative project risk management aims to identify all knowable risk to project objectives. The fact that some risks are unknown or emergent requires the risk identification to be an iterative process. It is also important to achieve a full understanding of the present conditions in which the organization operates.

Mitigations: Risk management shall advise on strategies to manage the risk. Because the project manager is the owner of the risks in the project, he/she will decide on the method of mitigation and the priorities. When several risks are identified, each characterized by probability of occurrence and impact, the priority shall focus on the risks with high impact and high probability. After mitigation, in case the probability decrease the risks are represented on a lower as a parallel shift with y-axis; in the case the impact decrease, risks shift left (Figure 2).

8

High risboth situ

Monitocontinueanalysisthe cust

1

Based oessentiainvolve quality in achieanalyzeused asManageWe alsoProject identifieand rule

As persmanageour requresults isupport phases fdevelopidentifieachieveframew

sks are repruations: afte

oring of rise to affect ts not only otomer projec

1.4. Conclu

on our expeal to deliver

financial ofor an on-tieving specid to identif

s it is or wement Instito consider th

managemees, mitigatees must be r

sonal contriement and muirements. in several aour approa

from our prpment methoed main stment of prork for risk

Figu

resented wier and befor

sks: Changethe risk situ

once but in ict.

usions

erience in inr projects ior time invime projectific projectfy the optimwith minor tute framewhat the hument structures and evalurespected.

ibutions, bamethods forWe also ararticles. Exaach. We prroject for soodologies ateps to sucroject’ or ok manageme

ure 2 - Risk r

ith red, medre risk mitig

es in the buuation insiditerative cyc

ndustrial fiein planned vestment. Tt in fixed co goals. Eac

mal framewoor major

work for comman factor isre and orguates projec

ased on thir software drgued why amples andresented ouroftware devand best appcceed in idrganization

ent in Chapt

representation

dium risks gations.

usiness envde projects. cles along m

eld, we concterms and

There can bosts. Currench project ork for risk customizati

mplex projes essential fanize the p

ct risks. For

s classificadevelopmenselected so

d case studiur conceptiovelopment iproach in ou

dentifying, pnal objectivter 3.

n after mitiga

with yellow

ironment, cThis is the major miles

clude that adeadlines.

be no compnt frameworis unique manageme

ion level. Iects adaptedfor a projectproject evor a successf

ation and onnt we identilution is bees from ou

on about coin risk manur case wilprioritizinges. Based o

ation

w and low

completion reason for p

stones or de

a risk managAny changpromise to rks and stanand each s

ent and howIn our cased and customt to be succolution andful project,

n identifiedified an appest and we r internship

omplex projagement del be detaile, and mitigon these ste

risks with

of the projperforming

elivery base

gement appges in the p

reduce thendards exissituation sh

w to use it. Ie, we usedmized for o

cessfully comd risk man

schedule, a

d standards proach that have prese

p were presjects and exepartment. Sed in Chaptegating of reps we'll b

green in

ect, will g the risk elines for

proach is plan will e project t to help

hould be It can be

d Project our field. mpleted.

nagement activities

for risk best fits nted our

sented to xplained Software er 2. We risks for build our

9

Chapter 2

2. Agile software development and team building for on-time projects

Software development is a complex process to create software starting from a specific set of requirements. It involves teamwork and a lot of communication with a major positive effect in terms of innovation. Recent studies for software development focus on methodologies and analyze developers and users satisfaction in software development projects [119], studies that have important implications for managers trying to balance the challenges of managing new software development and making enhancements to existing software, while engaging the user actively in the software development processes. This chapter describes the software development life cycle and identifies traditional and agile development methodologies in this field. All these methodologies respect the development life cycle. Existing ones propose a set of methods and steps with different frameworks to develop a valid software product to meet customer requirements. In this chapter are listed traditional software development methods and their evolution to agile development methods. From our perspective, best approach for software development for risk management is an agile method as uncertainty is omnipresent in any project.

2.1. Software development life cycle and methods

The software development life cycle (SDLC) process is defined as an organized way involving multiple stages. The process starts with determining customer needs and user requirements and ends with maintenance, documentation and personnel training if necessary. It also includes a way to use feedback for continuous improvement of the development processes. Adapted after [128], we have defined and structured steps in the software development life cycle.

A software development method refers to the used framework for planning and controlling the process of developing a software application. In traditional software development methods are included: Waterfall Approach [102], Prototyping Approach [113], Spiral Approach [24], Incremental Approach [77], and Rapid Application Development (RAD) Approach [82]. Choosing the best approach for a Software Development Project depends on the project type and context, internal and external environment, technical specifications, organizational features and policies.

Changes in business and technology environments force software developers to adapt and find new solutions for successful projects and software development performance. Recent literature presents studies that analyze agile development approach and combine qualitative and quantitative data analyses for process performance in terms of on-time completion, on-budget completion, and software functionality [78]. The term of agile software development (ASD) was introduced in 2001 by Agile Manifesto [124] and describes a methodology where requirements and solutions evolve through collaboration between cross-functional teams. During the software development project, user requirements can change dramatically and require software development in an agile and flexible environment; this is an efficient and effective approach comparing with traditional software development. The most popular methods for ASD are: Extreme Programming (XP) [8] and Scrum [121], [105]. Our main focus in on Scrum process that is described in three phases as pointed in [1], [105]: Pre-game, Development and Post-game. All defined roles are defined to ensure an optimal process development. Both methods focus on team communication and collaboration with small team size (less than ten-twenty persons). Roles are clearly defined for maximum efficiency and work productivity. In practice, both methods are widespread.

10

Our main interests are in software development projects, risk management and team building. In next sections we also present aspects from our experience in software development projects. Main interests are focused on work meetings and group dynamic/evolution. In their research paper [94], authors perform studies on how CMMI (Capability Maturity Model Integration) could be used in assessing agile software development or in a situation in which the organization is planning to change its processes towards agility. We are interested in CMMI for Development as our objective is to deliver software development projects in predefined contractual parameters as costs, time and quality.

2.2. Team building in achieving project goal

Scrum approach as agile development highlights on simplicity of the product and of the project. It focuses on sprint meetings to help the team understand what must be done. As several authors agree [93], in sprint planning meeting the product owner helps the team to plan its work and commit to a sprint goal, thereby laying the foundation for its self-organization. The team figures out how much can be done and how to do it. We consider that team building is a decisive factor in order to succeed in software development projects. An agile approach is mandatory to meet requirements that change over the project life cycle. Besides team training, group development is essential to produce innovative ideas and to deliver projects in contractual terms and deadlines.

The stages of Group development are best described in Bruce W. Tuckman’s article [103], in which he synthesized about 50 articles on different type of group formation. For the proposed stages the author proposed following terms: forming, storming, norming and performing. Regarding the first stage, we consider that it identifies each member qualities and how those qualities may be used in accomplishing the projects’ overall objective. Achieving the objective involves tasks and resource allocation to each team member based on their previous experiences. If it is possible, lesson learned reports should be considered in order to avoid repeating a same mistake twice. Each member’ previous experience can influence the project evolution and implementation. This stage is characterized by little work and a variable amount of emotionality, during which the members are concerned with defining the directions the group will pursue. In this stage interpersonal problems are taken care of with dependence, while task problems are met with task-oriented behavior. Orientation, testing and dependence constitute the group process defined as forming. Our opinion is that in the second stage each member expresses his own opinion and ideas regarding the project, roles and task allocation. Please note that this stage is dominated by complaints and conflicts well designed to avoid future communication problems in the team. The communication gaps between the members will only be filled in the next stage where communication will become more efficient. Third stage has been labeled as norming. From our approach, this stage generates final roles and norms that helps flourish, tensions has been eliminated within the group and the members can now focus more efficiently on the task at hand. The communication boundaries have been passed and each member can now express freely own ideas with no fear of being judged in case of a mistake. The fourth developmental phase of group structure is known as functional role-relatedness and named performing. In our case, performing is by far the most efficient stage, concerning the task, here results are visible, and the members are task oriented with few interpersonal conflicts. Each member is allocated to the task where it has maximum efficiency and in case he finishes his task before the deadline he may assist his team mates on their parallel tasks or on non-depending tasks from their project management plan. All team members are focused to deliver the project in contractual terms.

In terms of a conflict, we agree that a task oriented conflict produce benefits that helps a project to grow and generates new and innovative ideas and approaches. Opposite, a member

11

oriented conflict is not project productive and may obstruct the completion of the performed task or may generate negative impact on project overall objective.

2.3. Conclusions

We consider that collaborating in sprint meetings is essential in a software development project using agile methods. A team building period and team accommodation with the project and with the product they need to develop is a first important step. Those meetings are design to fill the collaboration gaps between team members and to clear point what each member done, what each member has to do until next meeting. In this way, potential risks are identified and things that can go wrong respecting project initial plan and schedule. Agile software development methods can easily be integrated with project management for a correct project plan, task allocation and resource planning. Our opinion is that group development is a mandatory feature in the project life cycle and evolution. An individual can obtain benefits from the group as the group can obtain benefits from each individual, previous experience of each team member combined in teamwork may produce better results with less effort when performed individually, and this is particularly useful in complex projects. Interrelations within the group help the members to develop new skills and abilities or to improve the existing ones. Besides company culture oriented on agile methods, human factor and group dynamic is very important, reason why team building must guarantee that no communication gaps or any constraints exist. The real challenge arises in the collision between the company culture and policy, project team members and agile. Agile methodologies such as Scrum create transparency. Every deficiency that obstructs the best flow of work is singled out for examination [73]. Regarding our contributions in this chapter, we can mention that we have pointed our software development project features and provided practical case studies and examples. Each phase from a software development life cycle project is defined and referred by an own perspective. We clearly listed and detailed traditional and agile development methods highlighting the benefits of communication in meetings and group development.

Chapter 3

3. Our approach and results

Based on identified standards listed in Chapter 1 we have selected PMI standard as best approach and in this chapter we present our own framework in first sections of this chapter. This chapter also presents our software development project using agile methods and respecting development life cycle described in Chapter 2. The objective of this chapter is to present our proposition for a general valid framework (Figure 3) for project risk management. As well, we focus to the minimum set of knowledge that may manage different types of projects. Developed software solution and implementation is also presented. We consider that this approach fits customer requirements and provide significant results to avoid delays in projects by early identifying of risks. This chapter presents our methods and our software developed for risk management to succeed in risk identification phase to reduce or avoid delays for future projects. Throughout the paper we’ll give practical examples from our experience in software development and risk management.

12

3.1. Steps for risk management framework

The presented framework is derived from condensing knowledge from industrial large projects. Risk management is the systematic process of identifying, analyzing, and responding to project risks [95]. It includes maximizing the probability and consequences of positive events and minimizing the probability and consequences of adverse events to project objective. Risk management is essential and helps to avoid additional costs, delays or poor quality in project implementation. An integrated risk management plan in general project management plan helps to manage risk in projects’ uncertain environment.

3.1.1. Need for this approach

Risk is defined as a possible future event that, if it occurs, will lead to an undesirable outcome [79]. It refers to the loss itself, but as well to possibility of loss, or any characteristic, object, or action that is associated with that possibility [74]. Essentially, risk is the effect of uncertainty on objectives [99]. The purpose of project risk management [40] is to minimize risks of not achieving the objectives of the project, while taking advantage of opportunities. The objectives derive from consulting stakeholders. At beginning and during project life cycle is important to know the requests; then filter, rank, transform and communicate stakeholder’s requirements. In particular, risk management assists project manager’s decision making. It directly influences costs, budget and resources allocation, and decisions related to mitigation, insurances – generally setting priorities. There is a thin border between risk management and a proper project/program management. The two aim successful projects. While project management is the integrator and defines the large and detailed picture, the risk management looks at projects as being the path and its deviation into the n-dimensional space of constraints. It aims to ensure that threats to the projects are identified, analyzed and appropriate strategies are undertaken to mitigate and control risks [86].

Using knowledge applied in industry, we propose basic steps for risk management easy adaptable to different types of projects. We collect techniques for risk identification step and present best approaches for early risk identification. The aim of current framework for project risk management is to actively manage risks in business context and to deliver projects according to signed contracts and deadlines. In a generic project, risk management efforts shall be proportionate with the possible impact of the project. There is a distinction between project execution costs and the impact of the project. A simple example would be a small project that may affect the population in the region. Based on maturity where the projects run, a set of management processes are defined.

3.1.2. Proposed and implemented framework

Starting from PMI guidance for project risk management we identified few steps and we proposed and implemented a customized framework. The current framework for project risk management was successfully integrated in project management plans and implemented in complex projects to identify potential risks in the project life cycle. This framework was developed during our internship where we helped the specialized Project and Risk Management department to identify, mitigate and evaluate risks in projects. Risk management is easier applied into an organization that has established a project and risk management oriented culture. The simple framework for risk management is divided in four main steps.

Risk identification step: consists in a set of techniques and tools used to clearly identify risks. There is a difference between risks, problems, and unknown solution. Unknown solution is not necessarily risk, it is an activity that shall be planned and budgeted. Occurred risks are problems and risk management shall treat them apart. The Risk identification step is

13

influenced by the business environment, the company culture, and stakeholder’s knowledge. We may think of three categories of risks: known risks, risks we know we don’t know, and finally risks we don’t know we don’t know. Thinking to these, we recommend the set of techniques from [40], [98]. In addition, other methodologies and techniques may increase the success of identification step, but in the case of small and medium types of projects proper risk identification may be achieved by Brainstorming sessions, Check lists, Interviews, Lesson Learned Reports, Questionnaire, SWOT Analysis. It is very important to perform a risk management process during whole project life cycle. New risks may arise or ignored one may become active.

Risk assessment and evaluation: the simplest way to rank risks is to visualize them based on risk probability and risk impact. One may employ a set of tools or software solutions that may help with the visualization and with the identification step. The project manager or the risk manager prioritizes risks to offer action-oriented solutions. Managers employ results from qualitative and/or quantitative analysis to evaluate the likelihood of success in achieving project individual and overall objectives. The analysis addresses individual risks descriptively and focuses on risks with greatest effect on overall project objective. Quantitative analysis refers to methods when the team may correctly estimate risk (e.g., measured in currency, time) based on existing knowledge, i.e., the probability of occurrence multiplied with the impact of the respective risk. When quantitative measures are not possible, the team may rank (e.g., in 3 categories as minor, medium, major) the respective risks in terms of manageability vs. capability to predict risk size. This is called qualitative analysis. Risks with low manageability and high predictability may get easier insured. For high manageability risks managers may define actions. High manageability risks and high predictability risk shall be re-assessed and defined in quantitative terms of impact vs. probability.

Third phase of framework is risk mitigations step. We analyze options and assign corresponding costs and efforts to identified risks. A cost/benefit analysis is mandatory to decide if measures will be taken or not. In this step we can decide to avoid a risk by not performing the task/activity that may produce the risk. There are 3 useful approaches that prioritize risks. Certainly, higher the risks (in terms of probability x impact) shall be mitigated first. In addition, there are a number of low-hanging fruits, meaning risks to which the mitigation cost is insignificant. The third is to view the risk in terms of root-cause analysis. Risks may group since it may have a common root cause. It is very important to assign costs and efforts for the mitigation of each risk. This solution is useful when tasks that may produce risks can be avoided or replaced by similar one that may not affect the project objectives. Aside of avoidance or mitigation strategy, the last aimed to reduce the negative impact of a risk on a project objective or on project overall objective, one may look to transfer the risk to a third party (e.g., to buy insurance for transport, or simply to outsource the respective part of the project). Not all identified risks can be managed or mitigated. In some cases we have to accept the risk. There shall be an evaluation made of the conditions under which a risk will be accepted and two different methods of making this evaluation are, as well pointed and identified in [85]: Cost/Benefit Considerations and Living with the Possible Consequences. Accepting a threat or an opportunity strategy applies when the other strategies are not considered applicable or feasible. Acceptance entails taking no action unless the risk actually occurs, in which case contingency or fallback plans may be developed ahead of time, to be implemented if the risk presents itself [98]. This is the place where some managers introduce so called “plan B” as a continuation when the risk occurs. This is not mitigation of original risk, but helps for re-planning and is usually less costly than starting to plan the “plan B” when the risk occurs.

Fourth step of our framework is risk and mitigation monitoring. Once the managers decide on certain actions (called mitigations) that address the risks, it may take long until the actions are fruitful. An example would be a risk related to miss-communication. Any decision will

14

not deceffectiveffectivmay clobe part effectivsteps inand proenviron

The simmuch co

3

In this graphicaclass fosectors. maximufeaturesbased onin an ethroughmeeting

Consideexecute

crease the rve. On moveness of takose becauseof the regul

vely [40]. Den this type ooactive procnment.

mple steps domplex step

3.2. Softwa

chapter weal user inter

orecasting inAs we prev

um account s for a projen our past e

environmenth sprints ang, what will

3.2.1. C

ering a set s alike proj

risk immedonitoring sken action. e the projeclar managemeveloped frof planningcess. It is a

Figure 3 - M

discussed in ps applied in

are implem

e present ourface designn real businvious pointeof risks inh

ect, to classiexperiencest where un

nd meetingsdo until ne

Conceptua

of similarects or con

iately; it mstep, manaMore, durint passes ovment plan aamework fo. It offers sa real and u

Minimal fram

this chapten managem

entation

ur applicatin for our so

ness environed, early risherent to thify projects . Scrum menpredictables where eaxt project m

l backgrou

projects runstructs simi

may take magers shall ng the proj

ver respectivand that actior risk manasolutions anused solutio

mework for P

er are a redument of large

on and sofoftware solunment in cosk identificahe project. W

“delayed” oethodology fe is expectach team mmeeting and

und for dev

run by the ilar develop

months untilactively

ect life cycve phases. Tion plans aragement (F

nd traces to on to mana

roject Risk M

uction to thee and compl

ftware deveution and oumplex projation enableWe are interor “on-timefits best ourted. Every

member statd define if th

veloped soft

same depapments), ab

communicappraise t

le, new riskTherefore rere implemenigure 3) clesuccessful

age risk in

Management

e minimum lex industria

lopment mur approach ects from ees key projerested in fin

e” and to forr software dtask in Scr

te what didhere are any

tware solut

artment (e.gove a typic

cation chanthe decisioks can ariseeview procnted and proearly identif

apply this a project u

of much laal projects.

method, poinfor using r

energy and fect decisionnding most recast a newdevelopmencrum is card since lasty obstacles.

tion

g., a compcal risk anal

nnels are ons, the e or risks ess shall ogressed fies main iterative

uncertain

arger and

nting the reference financial

ns to take relevant

w project nt project rried out t project

any that lysis that

15

is due in each project, it is essential to know features that correlate to delay-risks. The project features may be technical, project management related features, country specific features, or economic environmental characteristics. Also, it is desired to better estimate the milestones or the end of the project. To evaluate delay-risk in complex or large projects, one method is to granularly build activities and link in the Gantt diagrams; evaluate the expected risks in each activity and further probabilistic build the expectance at milestones or end of the project. Such complex projects may deal with thousands of activities that are packed in dozens work-packages (e.g., the electrical section, civil engineering, cabling and piping, gas turbine, or the heat recovery steam generator). This method may be biased because of the cumulative complexity of linked activities. More, the risks one may initially assess are not independent; delay-risk at one activity may have a common root-cause and generate further delay-risks on the entire project. Kahneman and Tversky [71], [72] describe that human judgment is generally optimistic due to overconfidence and insufficient consideration of complexity. Based on competition, execution companies are under pressure to propose shorter terms and lower prices, sometimes unrealistic from planning. In this context, reference class forecasting [72] proposes to use distributional information from previous projects similar to the one being forecast. This is called taking an "outside view". Although the method is simplistic compared with the probabilistic-build version of the expectance at milestones based on granular expectations of each activity, it may better cover complexity and correlated risk. Further, the American Planning Association (APA) endorsed reference class forecasting “APA encourages planners to use reference class forecasting in addition to traditional methods as a way to improve accuracy.” The reference class forecasting is relatively difficult to implement in practice. Based on mathematical kernel density estimate, reference class forecasting depends dramatically on the reference class. The bias is stronger when the class is small. Slightly different, an alternative nonparametric method is called k-nearest neighbors or k-NN. It is similar to kernel methods with a random and variable bandwidth. The idea is to base estimation on a fixed number of projects - observations k which are closest to the desired project. A classical feature selection step helps in characterizing the projects. Therefore, we are interested in finding most relevant features for a project, to classify projects “delayed” or “on-time” and to forecast a new project based on our past experiences.

3.2.2. Developed software solution and results

K–nearest neighbor algorithm (k-NN) is a machine learning algorithm used for classifying objects. Basics of k-NN are described in [50], [117] and [84]. K-NN rule proceeds as follows to classify a project profile: a) Find the closest k observations in the learning (training) set and b) Predict the class of the “unknown” project profile by majority of vote (the winning label of the neighbors).

Our architecture is based on model-view-controller (MVC) model; the essential purpose of model-view-controller model is to bridge the gap between the human user's mental model and the digital model of computers (Figure 4). Our approach required the knowledge and the binding of a large number of programming languages for solving particular problems than a general purpose language. The View component was implemented in Macromedia Flash, XForms, PHP and CSS and assured a company look and feel product that runs as a web application designed to imitate a desktop application in order explore graphical capabilities without a look-in of the application's business logic. The Controller component was implemented in XQuery, which is a query and functional programming language that is designed to query collections of XML data. Query language such as XQuery requires considerable efforts when they address the problem of efficient processing of XQueries in single-user relational environment [97] where the queries are formulated using a user-friendly Graphical User Interface. For this component, we also used Java and JavaScript and the

16

algorithused a Tdata stomodular

MVC sother pain the fitasks. Walso plathere is wishes may genof othedevelopassumedproductspecificdevelopincreaserequiremthe succthat reflusability(Characapplicatof our managepresentefor deve

hm was devTomcat servorage and rity and furt

olution alloarts. In firstfinal applicaWe developeanned to lin

a clear disthat generanerate a numer stakeholdpments and d, validatedt managemecation of thpment as elee the customent was ecess of the

flected real y and well-cteristic is mtion state mworks [19]

ement depared accordinelopment w

eloped in Mver and eXmanagementher avoid t

Figur

ows that pat tests of theation and med client sidnk componestinction beally are not mber of reqder. Collec

the stakehd and accepent. In ourhe requiremement-part oomer satisfvaluated baproject imp

customer n-ordered promarked as

machine diag]. Proposedrtment. Com

ng to compawas open sou

Matlab® froist-db whicnt. A maintime consum

re 4 - Our gen

art of the me applicatio

members of de and servents and patween the “validated. B

quests that mcting all reholders is apted specificr case, projments. An of agile softfaction, genased on its plementatioeeds were aoduct. For “Char” an

gram is presd architecturmponents aany internalurce and cov

om MathWoch consists in advantageming custom

neralized arc

model can bon, differentthe develop

ver side in darts of the a“request” anBased on v

may or mayequests as a positive tcations by tject membe

initial setftware develnerate mornew functio

on and the accepted asour tests w

nd a value sented in Figure was accand responsl rules and pvers all dev

orks [129]. in an XMLe of MVC mization or m

chitecture pro

e modified t modules cpment teamdifferent tasapplication.nd “require

various staky not interse

a commontechnique. the project, ers participt of requirlopment. Nere impact onalities thproduct dev

s our main we used a da

as project gure 5. Resu

cepted and sibilities ofpolicies. Paelopment ph

For the MoL native data

solution isminor / maj

oposal

or replacedcan be used

m were able sks and wee. In requireement”. Reqeholders, ea

ect or conflin basis of Contrastingtypically d

pated in derements weew requiremand lowerat may brinvelopment. interest wasataset structnumber x ults were alvalidated b

f MVC moart of externhases.

odel compoa base, requs to assurejor adjustme

d without cand then lito work in

ekly meetinements engiquests are tach of stakict with the

understandg, requiremdecided by efining, revere definedments were r costs. Eang and criti

Only requis to develotured as in characterislso presenteby project odules werenal software

onent we uired for e a high ents.

changing ink them

n parallel ngs were ineering, technical

keholders requests

ding the ments are

project / iew and

d during tuned to

ach new icality to irements p a high Table 1

stic) and ed in one and risk e clearly e needed

17

Table 1 -

ProjectName_1Name_2... Name_M

This apmodulesfurther i

- Dataset stru

t Name C1 12 2

.M M

plication fos are indepimproveme

ucture

Char_1 1x1 2x1 ..

Mx1

Figure

ocuses on mendent onents. For exa

Char1x22x2... Mx2

5 - State mac

modularity afrom anoth

ample a mod

r_2

chine diagram

and on a hiher. In this dification in

...

...

...

...

...

m for the app

igh level ofway we of

n import ste

Ch1x2x... M

plication

f customizatffered an efep will not i

har_N xN xN

MxN

tion; all appfficient soluinfluence th

plication ution for he design

18

or implementation of other steps. It also true that computers should support virtualization for this solution. We offered our solution in VM, in this way any host station with a VM Player installed can load and run the machine and the application with minimum effort. First, a virtual machine was created and used on multiple computers. This is a platform independent solution; developed software is enclosure in VM and can run on any system. We also used this solution for backup; last VM was saved on a department shared drive when new modules were developed. To browse for files on local drive (e.g. stored in Windows and accessed from Linux) we need to define a shared folder and to store files in defined location. In our case, shared folder is defined on local drive. Our software solution is structured in 4 main steps: data preparation, data analyze, results and forecast. This work highlights the methodology used for this type of analysis and the results step. Developed application makes retrospective assessment of project delays based on past experience and solves two basic types of problems: the dataset training with results visualization and a new project prognosis. In practice, input for this program will come from an Excel file, and results from this program will be exported as an Excel file for dataset or as a PowerPoint presentation for training and forecast results. It is also likely that the program will run many times as the design is refined. Application behavior is detailed described in previous state machine diagram and will be step by step described in next sections. In all scenarios, user should spend a sufficient time for data preparation, including filtering, editing and/or grouping. Before the training process starts, data must be checked and cleaned because this is the recommended way for more accurate training results and then a better project prognosis. Result of an analysis depends by data input relevance, rightness and precision.

Dividing the application in main steps was useful to assure a high modularity and to ease further improvements or modifications. Tests were performed on each module and a selected module can run independently. The application runs as a web application that acts as a desktop one. For example, even if a pop-up window is defined in a case, it won't be a new window because it is embedded in Flash. Action Script code defined in Flash Actions permits multiple visible/hide windows. In this way, user will never leave the application process or main window. Pop-up window content is stored in external file. This also was a preferred solution for further minor modifications; there is no need to modify Action Scrip code from Flash; only external files should be edited to apply a modification. GUI simulation was performed according to main state machine diagram and main noted use cases. Main application steps are described in the following paragraphs. Each step is explained and detailed according to main state machine diagram (Figure 5) previously presented and steps in our software solution. We also considered necessary an export step to offer solutions for data store in Excel files and for results store in PowerPoint presentations. State machine diagram is depicted in main steps and each step is explained in compliance with identified use cases. A freeze of design task presented in our general project management plan was defined as a major milestone in our software development project. A set of quality gates were also defined in project management plan after each step implementation to assure that application respects all requirements (initial requirements and new accepted requirements during implementation process).

In data preparation step we are able to import files with details about projects characterized by a set of features and the class-label value, in our case the delay value. This module is developed to store and handle these files and to offer valid solutions in terms of clean editing and data preparation for training process. Selected file is converted in XML format and displayed in web interface. Application runs and last loaded data set is displayed. This is in case of no first time run. Otherwise, no data set is displayed and workspace is empty. When new data set needs to be imported a browse option is activated. Considering that application runs in UNIX, a mount option is necessary if we want to load data from external USB. On

19

server side, selected file is converted in XML format and stored in eXist-db. Next step is mapping, user must select type (Number, Text or Date) for each header of imported data set; application automatically identifies type of the field but in case of Blank identification field type must be corrected. Each field needs to be defined as text, number or date. Blank fields should not be defined. After field mapping, we can create groups and data set is displayed in editor with afferent groups. A data set versioning is also stored with performed modifications. Grouping step is necessary if we want to create multiple groups and to perform different training. For example, we performed trainings on groups with technical characteristics and with financial features stored in same data set and Excel file. Editor respects Excel file aspect and allows minor data modifications, similar with Excel editor; it intends to avoid potential errors (e.g. data is represented in different formats, a name is written in different ways John Doe is not similar with Doe J. even if it refers to same person). Text fields can be edited and to lists we can add or remove elements, number fields allow only number values and date fields allow picking a date from a calendar in our defined format yyyy-mm-dd. Editor displays data with fixed header and scroll content and also permits data sort, ascending and descending, by any fields of the data set. For this section we used a set of JavaScript functions for interactive tables and CSS for view model and classes (numeric, default, currency and date) for each header field.

In data analyze step, the application runs and trains to learn the most relevant features from past projects and to predict uncompleted or “unknown” projects. Before training process starts a parameters selection is needed. For our analysis we considered to set number of random assessments and number of neighbors. As we presented in our MVC architecture, in view module we used Macromedia Flash with ActionScript and PHP. Source of flash file is generated and .swf file is embedded as object in classic html code with no margins and exactfit. In Flash, for each parameter we designed a different scene to draw and place objects.

In results step, after selection for number of random assessments and maximum number of neighbors, training is performed; after performing training, all relevant graphics are displayed. Intermediary results are displayed to offer real time output of the application. Initially, a box-plot representation is displayed. A wrapper approach means to select individual features and combinatory sub-set of features. Box plots represent five aspects of error rates obtained by random selection of project in train set, learn and then apply the k-NN classifier on test set: the minimum error, lower quartile (the 25-percentile), median in red line (the 50-percentile), upper quartile the (75-percentile), and maximum. This type of analyzes is preferred because data can be quickly compared and results are relevant. Points outside the ends are outliers. Features that generate compact box plots with lower median and a low error classification are important for our analysis. A small box-plot means that respective characteristic (feature, or combination of features) participate to the error rate consistent over the projects in the set. Low median of error rates are beneficial for characterizing respective set of projects. Features that generate error rates around the 0.5 are random, and not useful for classification. Based on these analyses, relevant features (characteristic) are identified and selected for next representations. Our approach improves the existing reference class forecasting methodology by introducing a feature selection learning step and the use of k – Nearest Neighbor (NN) density estimation, which is based on a variant of nearest neighbor density estimation of the group-conditional densities. For our tests when using singular features, the classification error is calculated over a number of iterations. Data are divided in test and train with a proportion of 1/3 for the test and 2/3 for train. The box-plots (in Figure 6) present the distribution of the error classification per feature. A few characteristics used for project identification (as project code, internal rank, classifications etc.) were ignored because are not relevant for this type of analysis (and being unique generate a narrow distribution centered on 0.5). These types of

20

charactenot dup

Charactcombinacase decharacteparticullower min the pand genand k is100 projused decomponfeaturesvalue lehundredthree huerror, yfeaturesmatrix,

Figure 7most rellisted fogenerategraphicsselectio

eristics are licated.

Figure

teristics (inations. Oncelay) the eristic are bar to the sim

median thanprojects. By nerate the co the combin

ojects, each etails abounents, dates s and financess than ond millions aundreds miyield a lows are selectehierarchica

7 shows a nlevant featuor selection.e a good cs. Selected n is defined

used in dat

6 - Conceptu

n Figure 6ce a charactcombinatio

better only mulated cas

n the other fusing the s

ombinatorynations. In tproject chat customerfor contrac

cial details.ne hundredand three huillions. Rel

wer median ed (Figure 7al clustering

new analysiures are iden. Relevant fcorrelation options are

d by 1 if sele

ta preparatio

ual classificat

6 denoted teristic gen

ons of chaif lower th

se, relevantfeatures. Wesame concep

y n!/((n–k)! the practicalaracterized wrs, suppliercts, kickoff. Projects w

d millions, undreds milevant featuand are rep

7), we may v or multidim

is on a newntified. All features in th

with the oe stored in aected and by

on step to v

tion errors fo

as “Charnerates a goaracteristicshe error ratt singular fee may say t

ept we test ck!) columnl case the sywith a numbs, type of

f point, deliwere structumedium pr

llions and bures are thopresented invisualize thmensional s

w dataset to analyzed fehis case areoutcome. Ta text file. y 0 if not se

verify that a

or a set of rele

rs_”) may ood correlats that cone beyond theature is Chthat is Charcombination

ns, where nystem was tber of appro

technologyivery time, ured in smarojects withbig projects ose that gen a compache projects gscaling repre

exemplify eatures are re marked byThis selectiEach featurelected.

a project is

evant charact

be considtion with th

ntain the rhe single ohar_31, becr_31 correlans of 2 pairis the total

tested, we uox. 75 featuy used, nutechnical c

all projects h contract vwith contra

enerate a loct box-plotgrouped usiesentation.

feature selerepresented y a circle in ion helps tre is define

s unique and

teristics

dered alonehe outcomerespective option. In Fcause has a ates with thrs of all the number of

used a set ofures. As feaumber and complexity

where the value betwact value mower classit. Once the ing the dissi

ection step ain this analprevious figto generate

ed by a num

d data is

e or in e (in this

winning Figure 6,

specific he delays

features f features f approx. tures we type of and risk contract

ween one more than

ification relevant imilarity

and how lysis and gure and e further mber and

21

Next figthen selclusterinfeatures

In our ceach twProject_interestehierarch

gures are glected. Projeng (Figure s in the prev

case, dissimwo projects _50 becauseed in simihical cluster

Figure 7 - Se

enerated acects may ge9), where t

vious step.

milarity matrbased on

e is one andlar projectsring is displ

elect relevant

ccording to et grouped uhe distance

Figure 8

rix (dissimian M x M

d the same ps to be abayed where

t features to g

relevant feusing dissime between e

- Dissimilari

ilarity = 1 -M matrix. Fproject (simble to groue projects ar

generate furt

eatures idenmilarity mateach two pro

ity matrix

similarity)For exampl

milarity is 1 up them. Fre ordered a

ther graphics

tified in botrix (Figure ojects is ba

displays thle, Project_and dissimi

For a betteand ranked.

s

ox-plot anale 8) and hierased on the

he distance _50 is simiilarity is 0)

er represent

lysis and rarchical selected

between ilar with . We are tation, a

22

Anotherfeatures(MDS) techniqu

Forecasidentifiemade, bby impocompletprocedufor fore

Fi

r way to rs, is to scatttechnique.

ue to visual

st step allowed after trabased on pasorting from te the featurure from daecast. The a

igure 9 - Hier

represent cter the “delMDS (Figu

lize similari

Figure

ws predictinining step. st experiencan Excel fi

res and the ata preparatianalysis dis

rarchical clus

current projlayed” and ure 10) is aties or dissi

10 - Multidim

ng a new prIn this step

ce and trainle or using values for tion pointingsplays graph

stering repre

ject, when “on-time” pa special tyimilarities in

mensional sc

roject and tp a progno

ning. A data a wizard (athe featuresg that only hically and

sentation of s

projects aprojects usiype of ordinn our traine

aling represe

to position sis if a proset with pr

a wizard wil). Import prone projec

d as a table

similar projec

are characteng a multidnation and d data set.

entation

it in closestoject will beojects for foll guide the rocedure is t can be sethe forecas

cts

erized by dimensionala typical s

t observatioe delayed o

forecasting iuser step bsimilar with

elected fromst results. A

multiple l scaling tatistical

on group or not is is loaded y step to h import

m the list A list of

23

similar 11).

For a paclass fothe claspercentasimilar multidimpositione.g., theprojectsproject label omultidimmanageto the reor wors

An expexport oversion dissimilpresentaapplicatcorporadocumeexplaineapplicatdocumeperspec

projects is

articular newrecasting aps of the seleage of compprojects w

mensional ned on closee green wes that had de(blue star in

of the neigmensional ers to easierespective sie delays.

port solutiooption is ne

of file orlarity matriation and totion is well

ation with laentation. Wed basic gtion and sent we havtive, produ

displayed a

Figu

w project, tpplication idected new ppletion (typ

with the newscale repreest class. Me may repreelays. The bn our repreghbors. Thscaling rep

r predict issimilarity. T

on was alsoecessary to r to have aix, hierarcho be presentl developedarge and co

We defined goals of thstep by steve presenteuct function

and the esti

ure 11 - Forec

that belongsdentifies thproject profipically >80%w project aesentation.

Multidimensiesent projecblue star is sentation) p

he two reppresentation ues in the phese feature

o integratedexport finala clean dathical clusterted to custo

d to estimatomplex pro

a documehe applicatiep graphiced some asns, main g

imation if t

cast GUI usin

s to the same closest ob

file. Training%). Based oare ranked Based on ional Scalincts that occour current

profile is prpresentation

n bring simplanning. Mes are equa

d and allowl dataset fota set. Graring and Momers as reste delays inojects. We aent with uion and co

cal user inspects concgraphical u

the project w

ng a demo dat

me (econombservations g set is comon the existand listed, delays fea

ng represencurred on tt project. Thredicted by n methods,

milar projectMore, it undeally related t

ws exportingor last versioaphics (coll

MDS) are asult of our

n complex palso defineduser interfommon sce

nterface viscerning scouser interfa

will be or n

ta set

mic) environmin the train

mposed fromting model

as well asatures, a netation may time while he class of tmajority of, hierarchicts in view, erlines the fto better tim

g workspacon, to consolective clasalso exporteanalysis. Wprojects andd a set of dface specifenarios, ansualization. ope of the ace require

not delayed

ment, our rning set and m projects wfrom trainins the 3-D sew project depict the pwith red t

the "unknowf votes, the cal clusteri allowing features tha

ming in the

ce and resuolidate, to hssification-bed to be us

We consider d is relevandocuments fication whn overview

In requi software,

ements, ope

d (Figure

reference predicts

with high ng, most space of

can be projects: there are wn" new winning ing and program

at leaded projects

lts. This have last boxplots, sed in a that our

nt to any for user

here we w of the

rements product

erational

24

environments and user characteristics. Technical specifications document describes the proposed model-view-controller architecture and its benefits. Help file provides assistance for our software solution use. During the execution of an analysis we also provided information and guidance for a correct use, help file can be accessed from any step of the application.

3.3. Conclusions

Proposed own framework for project risk management can be applied to different types of projects as is or with minor customizations. While each project is unique in terms of objectives, business environment, requirements or stakeholders – proposed risk management framework can be adapted to any field and can easily be integrated in project management plan. In risk identification step we have presented a set of techniques that can succeed in early risk identification, in risk mitigation phase strategies to manage risk are presented. We also pointed features for risk evaluation. The framework is derived from complex projects as the minimum set of requirements. Although simpler, it follows the essential steps of main standards and approaches for risk management. We show a particular implementation and the software developed for risk management focused on reference class forecasting. The reference class forecasting approach aims to reduce bias and strategic misrepresentation. The theoretical work around reference class forecasting helped Kahneman win the Nobel Prize in Economics in 2002. Starting from reference class forecasting theory we have implemented and used a modified algorithm in real business environment by adding an intermediary step of features selection.

Chapter 4

4. Final remarks and future work

For successful projects and for risks control in projects we discussed about risk management and described the current concerns in this domain. We identified standards, rules and conceptual frameworks. Important research conducted in the area was presented in an educational manner. An overview of traditional and agile software development methods was made and the associated frameworks were identified to develop a useful application for risk management. Project risk management provides benefits when it is implemented according to good practice principles and with organizational commitment to taking the decisions and performing actions in an open manner. Risk management shall be integrated part of project management in every phase and in every process group. Included in project management plan, a risk management applied at major project milestones will provide more realistic paths and easily manage risks in projects’ uncertain environment and life cycle.

Based on PMBOK Guide framework, we identified all necessary steps in our software development project and presented our own framework for risk management. Our proposed framework proved its efficiency in our projects and managed risks in complex projects. It can be adapted and easily integrated in project management plan for any type of projects. Presented techniques and strategies can be useful and assure project' delivery in deadlines.

Although we had some challenging tasks during the project life cycle, we consider this agile approach a relevant evolution of our research. Initial analysis helps to plan better at the start of the project. A proper risk management plan integrated in general project management plan

25

also supports a higher quality and lower cost products. Project risk management is an essential and determinant step towards successful projects. All real risks that can affect one or more objectives of the project must be identified and managed. A detailed analysis and a precise definition of risk can lead to successful achievement of objectives.

Company policy and culture is an essential factor. A risk management oriented culture is desirable. Human factor is also a decisive factor in our main approaches, in development projects and risk management processes. We consider that Scrum as agile approach is a continuous improvement process. Collaboration in sprint meetings and group development are crucial factors in adopting agile methods. Collaboration gaps between team members need to be filled and each team member is aware by his task until a next sprint meeting. An analysis is mandatory for project plan development for a proper integration in company policy and culture and to avoid potential intern problems. In this initial analysis can be identified major aspects that can dramatically change the project trajectory and implementation strategy.

A software application for risk management helps team members to identify features that influence the quality or costs or cause delays in projects. It needs to do a clear priority of risks mitigation, to prioritize and identify high risks with low awareness or low risk with high awareness in an effective and efficient way. Bad experiences make the next project more expensive. We consider that agile development methods are preferred when a team decides to implement a software solution. Some of those methods share many benefits and common features but some of them are more focused than others. Traditional solutions and methodologies for software development are not used in the real software development environment.

In software development life cycle, initial software requirements may suffer major changes. Developers must consider those changes to achieve customers’ needs. From this point of view, an agile software development method is indicated and capable to solve all the problems. An agile software development approach is useful to satisfy customer needs that are changing during the software development process according to their principle for high-quality and low-cost products or services; it is also an active approach for financial benefits and to achieve company goals. We consider our research topic a new one, relevant and with major impact for successful projects. By research, science aims to generate knowledge to solve theoretical and/or practical problems and we managed to do this.

4.1. Personal contributions

Identified standards in terms of risk management were adapted to build our own project risk management framework. Developed framework was applied in business environment in our agile software development project. Based on theories from Economics we managed to implement them in a real solution in Informatics.

As relevant results for this research, we have developed and implemented a complex software solution that helps to find the closest k observations in the learning (training) set and to predict the class of the “unknown” project profile by majority of vote (the winning label of the neighbors). This method helps to avoid delays in complex projects. As we defined, in our case, a complex project is structured in three phases: a) sales or acquisition, b) project execution or implementation, and c) project closure and service preparation. Risk management should be integrated in project management plan and our proposed framework assured a correct approach to manage risks in projects. This reference class forecasting approach aims to reduce and eliminate optimism bias and strategic misrepresentation. Reference class forecasting based on ideas of decision making under uncertainty has won the Nobel Prize in Economics 2002. Our approach improves the existing methodology by

26

introducing a feature selection learning step; it improves the original reference class forecasting and helps program managers to point towards essential features that are correlated with time risk management. Based on past experience and training and according to selected relevant features projects may get grouped and a new "unknown" project is positioned in the closest observation group.

We have developed a complex application for risk management using reference class forecasting. It is well designed to fit in the company structure and behavior. It is a powerful application with high portability level that learns from past experience and prognosis current or future projects, it provides an easy editor and functions for data manipulation, provides an complex dictionary data validations against typos and terms written in different languages, provides a complex versioning, field mapping and filtering solution. The Graphical User Interface respects company internal standards and policy; it provides step by step guide through the application and is easy to use, user do not see or understand the Matlab® algorithms behind. The application workflow was defined and presented and the results of your work are immediately visible and reported in an educational manner; results representation and graphs were defined and approved by company Project and Risk Management department. This approach and our developed application proved to be useful in real business environment and best risk management practices adapted after Project Management Institute standards [98] led us to successful risk management and project delivery respecting all contractual terms without any penalties or financial loss.

As author's bibliography shows, we were interested in several topics. We published research articles in several international conferences and journals as results of our work in PN2 grants as PN2_IDEI 2359, 936/2009 (Business Process Management) and PN2 no. 92-100/2008 SICOMAP (Collaborative systems for management of economic projects). Another result is our published risk management chapter in the monograph of PN2 no. 91-049/2007 (Intelligent Systems for Economic Decision Support) grant. We also consider our experience in group development and managerial meetings an essential aspect for our career.

4.2. Directions for future work

As for our future work, we intend to apply our risk management framework in POSDRU projects to avoid problems in implementation. In this way we can identify potential problems that may radically influence the project and the budged by reallocating funds. Our framework was successful integrated in complex projects in our internship. We plan to present our approach in several projects managed by our faculty as POSDRU/87/1.3/S/63908 (ECON) Project and POSDRU/87/1.3/S/63909 (RLNM) Project. We also plan to develop a more complex project management plan for mentioned projects and to provide a methodology for projects' meetings. We also intend to measure faculty maturity and capability to implement projects and to attract European funds. Regarding our application, we want to optimize the Graphical User Interface to fit new requirements and preferences, to refine and optimize the code for better performance and faster analyze in training and forecast steps, to compile and integrate code for combinations of features analysis, to optimize export procedure to store datasets and groups for each dataset in files in initial formatted style, to refine documentation where necessary and to define and implement restrictions for normal users and advanced users. After a set of relevant projects and identified features we will be able to apply our reference class forecasting methods.

27

4.3. Author's bibliography

I. Books 1. Nițchi Ioan Ștefan, Airinei Dinu, Arba(Cordis-Herbil) Raluca, Benţa Dan, Brandas Claudiu,

Buchmann Robert, Crisan Emil Lucian, Homocean Daniel, Jecan Sergiu, Kleinhempel Simona, Mihaila Adrian-Alin, Muntean Mihaela, Nagy Mariana, Petrusel Razvan, Podean Ioan Marius, Rusu Maria Lucia, Sitar-Taut Dan Andrei, carte, Sisteme inteligente de asistare a deciziilor, Risoprint , Cluj-Napoca, 2010, p. 450.

2. Arba Raluca, Benţa Dan, Breşfelean Vasile Paul, Mocean Loredana, Sitar-Tăut Dan-Andrei et al., Informatică economică: culegere de probleme, Risoprint: Cluj-Napoca, 2009, p. 213.

II. Articles 1. M. I. Podean, S. I. Nitchi & D. Bența, “Content Management in the Context of

Collaboration”, The Third International Conference on Creative Content Technologies (CONTENT 2011), September 25-30, Rome, Italy, 2011 [in press].

2. M. I. Podean, D. Bența & R. A. Costin, “On supporting creative interaction in collaborative systems. A content oriented approach”, accepted paper at The First International Workshop on Sustainable Enterprise Software (SES2011) held in conjunction with the 13th IEEE Conference on Commerce and Enterprise Computing (CEC2011), Luxembourg, 2011 [in press].

3. D. Benţa, C. Mircean & L. Rusu, "Reference Class Forecasting integration to avoid delays in complex projects", The fourth international conferences on Internet Technologies and Applications (ITA 11), Wrexham, U.K., 2011 [in press].

4. D. Benţa, M.I. Podean, L. Rusu & C. Mircean, "From Nobel Prize to Reference Class Forecasting for Successful Projects”, The 7th International Conference on Management of Technological Changes - MTC, “ISI Web of Knowledge”, ISI Proceedings Database, Alexandroupolis, Greece, 2011 [in press].

5. S. Jecan, D. Bența & M. I. Podean, “Collaborative portal for PhD students”, The 7th International Conference on Management of Technological Changes - MTC, “ISI Web of Knowledge”, ISI Proceedings Database, Alexandroupolis, Greece, 2011 [in press].

6. D. Benţa, L. Rusu & M.I. Podean, "Successful Implemented theories for Reference Class Forecasting in industrial field", ICE-B 2011 - International Conference on e-Business, Seville, Spain, 2011.

7. D. Benţa, M.I. Podean & L. Rusu, “About creativity in collaborative, Why it matters and how it can be supported”, ICE-B 2011 - International Conference on e-Business, Seville, Spain, 2011.

8. D. Benţa, M.I. Podean & C. Mircean, “On best practices for risk management in complex projects”, Informatica Economica Journal, Bucharest: INFOREC Association, Vol. 15, no. 2/2011.

9. D. Benţa, M.I. Podean, S. Jecan & C. Mircean, "Simple steps for Risk Management in small and medium projects", The 7th International Conference on Management of Technological Changes - MTC, “ISI Web of Knowledge” ISI Proceedings Database, Alexandroupolis, Greece, 2011 [in press].

10. D. Benţa & M.I. Podean, "Risk Management approaches for successful projects", The Proceedings of 2nd Symposium on Business Informatics in central and Eastern Europe, 2011, 978-3-85403-280-9, Oesterreichische Computer Gesellschaft, p. 39-49.

11. D. Benţa, Ştefan Ioan Niţchi, Darius Șuta, Remus Felix Pop, "Efficient Team Building for On-Time Projects", Journal of Information Systems & Operations Management, The Proceedings of Journal ISOM Vol. 5 No. 1 / May 2011, CNCSIS B+, ISSN: 1843-4711, p. 31-43.

12. D. Benţa & Ş.I. Niţchi, "Succeeding in software development projects", Journal of Information Systems & Operations Management, Vol. 4 No. 2/December 2010, ISSN: 1843-4711, 2010, p. 9-19.

13. M.I. Podean, D. Benţa & C, Mircean, "Overlapping boundaries of the project time management and project risk management", Informatica Economica Journal, Bucharest: INFOREC Association, 2010.

14. D. Benţa & Ş.I. Niţchi, “A Video surveillance model integration in small and medium enterprises”, The 5th International Conference on Software and Data Technologies, The DBLP Computer Science Bibliography & Inspec, Athens, Greece, 2010.

28

15. S. Jecan & D. Benţa, "On-line exam – a new step in developing the e-learning testing", The 6th International Seminar on Quality Management in Higher Education, 978-973-662-567-1, “ISI Web of Knowledge” ISI Proceedings Database, 2010, p. 495-498.

16. M.L. Rusu, S. Kleinhempel & D. Benţa, "Individual versus collaborative decision for analyzing companies performance", 6th International Seminar on the Quality Management in Higher Education, 978-973-662-567-1, “ISI Web of Knowledge”, ISI Proceedings Database, 2010, p. 683-686.

17. D. Benţa, “A Web Service Framework for Economic Applications”, Directory of Open Access Journals - DOAJ, Journal of Applied Computer Science & Mathematics 7, Special Issue: Proceedings of the 1st International Workshop "The Economy and New Information Technologies", 2010, p. 14-19.

18. D. Benţa, “WiFi technologies for video surveillance”, Proceedings of the International Conference on Knowledge Engineering, Principles and Techniques, Volume III, Studia Universitatis Babeş-Bolyai, Cluj-Napoca: Cluj University Press, 2009.

19. D. Benţa, “Managed Video as a Service for a Video Surveillance Model”, Directory of Open Access Journals - DOAJ, Journal of Applied Computer Science and Mathematics Issue 5, 2009, p. 9-14.

20. M.L. Rusu, R. Arba & D. Benţa, “Dynamic e-collaboration management model”, Third International Conference on Internet Technologies and Applications, Glyndwr University, Editor: Vic Grout, Stuart Cunningham, Denise Oram, Rich Picking, Nigel Houlden, 978-0-946881-65-9, British Computer Society (BCS), Wrexham, U.K., 2009, p. 584-593.

21. S. Jecan, D. Benţa & L. Muresan, “Clustering companies profile and preferences”, The Proceedings of the Ninth International Conference on Informatics in Economy, Bucharest: ASE Publishing House, 2009.

22. D. Benţa, “VoIP Technology. Monitoring & Video Surveillance via IP”, Annals of the Tiberiu Popoviciu seminar of Functional Equations, Approximation and Convexity, CNCSIS B+, Supplement: Romanian Workshop on Mobile Business, 2008, p. 145 – 156.

23. D. Benţa, “Web Services in Business Applications”, Annals of the Tiberiu Popoviciu seminar of Functional Equations, Approximation and Convexity, CNCSIS B+, Supplement: International Workshop in Collaborative Systems and Information Society, 2008, p. 57 – 65.

24. D. Benţa, “E-payment Solutions for e-shops”, Intelligent System for Business Decisions Support, Student Contest and Conference, Cluj-Napoca: Risoprint, 2008, p. 17-24.

III. Technical reports: 1. M.I. Podean, D. Benţa, Tool Development for Reference Class Forecasting, “Technical

specifications”, Corporate Technology, Project and Risk Management - internal use only. 2. D. Benţa, M.I. Podean, Tool Development for Reference Class Forecasting, “Software

Documentation - User Interface Specifications”, Corporate Technology, Project and Risk Management - internal use only.

3. D. Benţa, M.I. Podean, Tool Development for Reference Class Forecasting, “Software Documentation - Requirements”, Corporate Technology, Project and Risk Management - internal use only.

4. D. Benţa, M.I. Podean, Tool Development for Reference Class Forecasting, “Tool Help”, Corporate Technology, Project and Risk Management - internal use only.

29

PhD. Thesis Bibliography

[1] P. Abrahamsson, S. Outi, J. Ronkainen & J. Warsta, “Agile software development methods. Review and

analysis”, Espoo, VTT Publications 478, 107 p. 2001. [2] S. Ambler, “Agile Modeling: Effective Practices for Extreme Programming and the Unified Process”,

New York:John Wiley & Sons, Inc, 2002. [3] A. Andoni & P. Indyk, “Near-Optimal Hashing Algorithms for Approximate Nearest Neighbor in High

Dimensions”, Communications of the ACM January Vol. 51, No. 1, 2008. [4] A.A. Aritzeta & S. Swailes, "Team Role Preferences And Conflict Management Styles", The

International Jounal of Conflict Management, Vol. 16, No. 2, pp. 157-182, 2005. [5] E. Avanesov, “Risk management in ISO 9000 Series standards”, International Conference on Risk

Assessment and Management, 24-25 November Geneva, 2009. [6] W. D. Bae, S. Alkobaisi, S. H. Kim, S. Narayanappa & C. Shahabi, “Web data retrieval: solving spatial

range queries using k-nearest neighbor searches”, Geoinformatica 13, Springer Science + Business Media, LLC., pp.483–514, 2008.

[7] R.F., Bales, "The equilibrium problem in small groups", in T. Parsons, R. F. Bales and E. A. Shils (eds.), Working Papers in the Theory of Action, Free Press, pp. 111-161, 1953.

[8] K. Beck, “Embracing Change with Extreme Programming” in IEEE Computer, 32(10), pp.70-77, 1999. [9] K. Beck, “Extreme programming explained: Embrace change”, Reading, Mass.:Addison-Wesley, 1999. [10] R.M. Belbin, "Management teams: Why they succeed or fail", London: Heinemann, 1981. [11] W.G. Bennis & H.A. Shepard, "A theory of group development", Human Relations, 9, 1956, pp. 415-37. [12] J. L. Bentley, “Multidimensional binary search trees used for associative searching”, Communications of

the ACM, 18, pp.509–517, 1975. [13] D. Benţa & Ş.I. Niţchi, “A video surveillance model integration in small and medium enterprises”, The

5th International Conference on Software and Data Technologies, Athens, Greece, 22-24 July, 2010. [14] D. Benţa & Ş.I. Niţchi, "Succeeding in software development projects", Journal of Information Systems

& Operations Management, Vol. 4 No. 2/December, ISSN: 1843-4711, pp.9-19, 2010. [15] D. Benţa & M.I. Podean, "Risk Management approaches for successful projects", The Proceedings of

2nd Symposium on Business Informatics in central and Eastern Europe, Oesterreichische Computer Gesellschaft, 978-3-85403-280-9, pp. 39-49, 2011.

[16] D. Benţa, M.I. Podean, S. Jecan & C. Mircean, "Simple steps for Risk Management in small and medium projects", The 7th International Conference on Management of Technological Changes - MTC, “ISI Web of Knowledge” ISI Proceedings Database, Alexandroupolis, Greece, 2011 [in press].

[17] D. Benţa, M.I. Podean & C. Mircean, “On best practices for risk management in complex projects”, Informatica Economica Journal, Bucharest: INFOREC Association, Vol. 15, no. 2/2011.

[18] D. Benţa, L. Rusu & M.I. Podean, "Successful Implemented theories for Reference Class Forecasting in industrial field", ICE-B 2011 - International Conference on e-Business, Seville, Spain, 2011.

[19] D. Benţa, C. Mircean & L. Rusu, "Reference Class Forecasting integration to avoid delays in complex projects", The fourth international conferences on Internet Technologies and Applications (ITA 11), Wrexham, U.K., 2011 [in press].

[20] D. Benţa, M.I. Podean, L. Rusu & C. Mircean, "From Nobel Prize to Reference Class Forecasting for Successful Projects”, The 7th International Conference on Management of Technological Changes - MTC, “ISI Web of Knowledge”, ISI Proceedings Database, Alexandroupolis, Greece, 2011 [in press].

[21] D. Benţa, “E-payment Solutions for e-shops”, Intelligent System for Business Decisions Support, Student Contest and Conference, Cluj-Napoca: Risoprint, pp.17-24, 2008.

[22] D. Benţa, “WiFi technologies for video surveillance”, Proceedings of the International Conference on Knowledge Engineering, Principles and Techniques, Volume III, Studia Universitatis Babeş-Bolyai, Cluj-Napoca: Cluj University Press, 2009.

[23] D. Bernoulli, “Exposition of New Theory on the Measurement of Risk”, Econometrica, 22, pp.23-36, 1954.

[24] B. Boehm, "A Spiral Model of Software Development and Enhancement", ACM SIGSOFT Software Engineering Notes, ACM, 11/4, pp. 14-24, August 1986.

[25] O. Bouattane, J. Elmesbahi, M. Khaldoun & A. Rami, “A Fast Algorithm for k-Nearest Neighbor Problem on a Reconfigurable Mesh Computer”, Journal of Intelligent and Robotic Systems 32, Printed in the Netherlands: Kluwer Academic Publishers, Springer-Verlag, pp.347–360, 2001.

[26] L.P. Bradford & T. Mallinson, "Group formation and development", Dynamics of Group Life, National Education Association, National Training Laboratories, Washington, 1958.

30

[27] L.P. Bradford, "Trainer-intervention: case episodes" in L. P. Bradford, J. R. Gibb and K. D. Benne (eds.), T-Group Theory and Laboratory Method, Wiley, pp. 136-67, 1964.

[28] L.P. Bradford, "Membership and the learning processes" in L. P. Bradford, J. R. Gibb and K. D. Benne (eds.), T-Group Theory and Laboratory Method, Wiley, pp. 190-215, 1964.

[29] C.N. Bredillet, "Blowing Hot and Cold on Project Management", Project Management Journal, Volume 41, Number 3, 2010.

[30] R. Brice & R. Pickings, “User Interface Specification for QCONBRIDGE II, Version 1.0”, September, WSDOT and Bridgesight Software, 2000.

[31] H. Cendrowski & and W.C. Mair, "Enterprise Risk Management and COSO", A Guide for Directors, Executives, and Practitioners, New Jersey:John Wiley & Sons, Inc., pp. 15-20, 2009.

[32] C. Chapman & S. Ward, Project Risk Management, Processes, Techniques and Insights, Second Edition, The Atrium, Southern Gate, Chichester, West Sussex PO19 8SQ, England: John Wiley & Sons Ltd, 2003.

[33] M.B. Chrissis, M. Konrad & S. Shrum, "CMMI for Development®: Guidelines for Process Integration and Product Improvement", 3rd Edition, Published Mar 10, Addison-Wesley Professional. Part of the SEI Series in Software Engineering series, 2001.

[34] CMMI Product Team, "Improving processes for better products", CMMI® for Development, Version 1.2, CMU/SEI-2006-TR-008, ESC-TR-2006-008, Carnegie Mellon University, 2006

[35] CMMI Product Team, "Improving processes for better products", CMMI® for Development, Version 1.3, Technical Report, November 2010.

[36] A. Cockburn, “Agile Software Development”, Boston: Addison-Wesley, 2002. [37] H.S. Coffey, "Socio and psyche group process: integrative concepts", Journal of Social Issues, 8, pp. 65-

74, 1952. [38] M. Cohn, "Succeeding with Agile Software Development using SCRUM", The Addison-Wesley

Signature Series, 2010. [39] M. Cole, R. M. O'Keefe & H. Siala, “From the User Interface to the Consumer Interface”, Information

Systems Frontiers 1:4, Manufactured in The Netherlands: Kluwer Academic Publishers., pp.349-361, 2000. [40] D.F. Cooper, S. Grey, G. Raymond & P. Walker, “Project Risk Management Guidelines - Managing

Risk in Large Projects and Complex Procurements”, John Wiley & Sons Ltd, 2005. [41] A. Damodaran, "Why Do We Care About Risk?", Strategic risk management. A Framework for risk

management, USA, New Jersey: Pearson Education, Inc., pp.11-35, 2008. [42] M. Deutsch, "A theory of cooperation and competition", Human Relations, 2, pp. 129-52, 1949. [43] M. Deutsch, "The resolution of conflict: Constructive and destructive processes", New Haven: Yale

University Press, 1973. [44] Electronic Industries Alliance, "Systems Engineering Capability Model (EIA/IS-731.1)", Washington,

DC, 2002. [45] M.A.Eita & M.M.Fahmy, "Group Counseling Optimization: A Novel Approach", M. Bramer et al.

(eds.), Research and Development in Intelligent Systems XXVI, DOI 10.1007/978-1-84882-983-1_14, Springer-Verlag London Limited 2010.

[46] F. Farahmand, S.B. Navathe, G.P. Sharp & P.H. Enslow, “A Management Perspective on Risk of Security Threats to Information Systems” in Information Technology and Management 6, The Netherlands: Springer Science + Business Media, Inc, pp.203–225, 2005.

[47] J. Feller and B. Fitzgerald, “A Framework Analysis of the Open Source Software Development Paradigm”, 21st Annual International Conference on Information Systems, Brisbane, Australia: ACM Press, pp.58-69, 2000.

[48] F. Ferretti, “A European Perspective on Consumer Loans and the Role of Credit Registries: the Need to Reconcile Data Protection, Risk Management, Efficiency, Over-indebtedness, and a Better Prudential Supervision of the Financial System”, J Consum Policy 33, Springer Science+Business Media, LLC, pp.1-27, 2010.

[49] S.G. Fisher, T.A. Hunter & W.D.K. Macrosson, "A validation study of Belbin’s team roles", European Journal Of Work and Organizational Psycology, 10 (2), pp. 121–144, 2001.

[50] E. Fix & J. Hodges, “Discriminatory analysis, nonparametric discrimination: consistency properties”, Technical Report, Randolph Field, Texas: USAF School of Aviation Medicine, 1951.

[51] B. Flyvbjerg, “Delusions of Success: Comment on Dan Lovallo and Daniel Kahneman”, Harvard Business Review, pp. 121-122, 2003.

[52] B. Flyvbjerg, "Eliminating Bias through Reference Class Forecasting and Good Governance", Concept Report No 17 Chapter 6, Concept-programmet, 2007.

[53] R. Gareis, "Happy projects!", Project Management Institute, Vienna, Austria, 2005. [54] P.R. Garvey, "Elements of Probability Theory" in Analytical methods for risk management: a systems

engineering perspective, USA: Taylor & Francis Group, LLC, pp.13-39, 2009. [55] R.H. Güting, T. Behr & J. Xu, “Efficient k-nearest neighbor search on moving object trajectories”, The

VLDB Journal 19, pp.687–714, 2010.

31

[56] A.L. Harvey, "About Projects and Project Management", Practical Project Management Tips, Tactics, and Tools, John Wiley & Sons, Inc, ISBN 0-471-20303-3, 2002.

[57] E.L. Herbert & E.L. Trist, "The institution of an absent leader by a student's discussion group", Human Relations, 6, pp. 215-248, 1953.

[58] J.A. Highsmith, “Adaptive Software Development: A Collaborative Approach to Managing Complex Systems”, New York, NY: Dorset House Publishing, 2000.

[59] J. Highsmith, "Agile Project Management, Creating innovative products", AddisonWesley, 2004. [60] D. Hilbring & T. Usländer, “Catalogue Services Enabling Syntactical and Semantic Interoperability in

Environmental Risk Management Architectures, Managing Environmental Knowledge“, Proceedings of 20th International Conference on Informatics for Environmental Protection, Aachen: Shaker Verlag, 2006.

[61] D. Hillson, “When is a risk not a risk?”, Project Manager Today, Project Manager Today, pp. 15-16, January 2007.

[62] R. M. Hogarth, “Judgement and choice: The psychology of decision”, 2nd edition, Chichester, England: John Wiley & Sons, 1987.

[63] R. Horwitz, “Hedge fund risk fundamentals: solving the risk management and transparency challenge”, Bloomberg Press Princeton, 2004.

[64] D. W. Hubbard, “How to Measure Anything: Finding the Value of Intangibles in Business”, 2nd edition, Hoboken, New Jersey: John Wiley & Sons, Inc., 2010.

[65] A. Hunt & D. Thomas, “The Pragmatic Programmer”, Addison Wesley Longman, Inc., 2000. [66] ISO/IEC/JTC 1/SC 7. ISO/IEC FDIS 9126-1, “Software Engineering - Product quality - Part 1: Quality

model”. Technical Committee of International Organization for Standardization, 2000. [67] I. Jacobsen, M. Christerson, P. Jonsson & G. Overgaard, “Object-Oriented Software Engineering: A

Use-Case-Driven Approach”, Reading, MA:Addison-Wesley, 1994. [68] S. Jecan & D. Benţa, "On-line exam – a new step in developing the e-learning testing", The 6th

International Seminar on Quality Management in Higher Education, CETEX, 978-973-662-567-1, “ISI Web of Knowledge” ISI Proceedings Database, P. 495-498, 2010.

[69] S. Jecan, D. Benţa & L. Muresan, “Clustering companies profile and preferences” in The Proceedings of the Ninth International Conference on Informatics in Economy, Bucharest: ASE Publishing House, 2009.

[70] H.H. Jennings, "Sociometric differentiation of the psychegroup and sociogroup", Sociometry, 10, pp. 71-79, 1947.

[71] D. Kahneman & A. Tversky, “Prospect theory: An analysis of decisions under risk”, Econometrica, 47, pp. 313-327, 1979.

[72] D. Kahneman and A. Tversky, “Intuitive Prediction: Biases and Corrective Procedures”, Studies in the Management Sciences: Forecasting, 12, Amsterdam, North Holland: S. Makridakis and S. C. Wheelwright, Eds., 1979.

[73] C. Keith, "Agile development" in Agile game development with Scrum, Addison-Wesley, ISBN 0-321-61852-1, pp. 13-32, 2010.

[74] J. Kontio, “Software Engineering Risk Management: A Method, Improvement Framework, and Empirical Evaluation”, Ph.D. Thesis, Hensinki University of Technology, Finland, 2001.

[75] V. Kumar & N. Viswanadham, “A CBR-based Decision Support System framework for Construction Supply Chain Risk Management”, Proceedings of the 3rd Annual IEEE Conference on Automation Science and Engineering, Scottsdale, AZ, USA: IEEE, Sept 22-25, 2007.

[76] Y.H. Kwak & J. Stoddard, “Project risk management: lessons learned from software development environment”, Technovation 24, Elsevier Science Ltd., pp.915-920, 2004.

[77] C. Larman & V.R. Basili, "Iterative and Incremental Development: A Brief History" in IEEE Computer (IEEE Computer Society) 36 (6), June, pp. 47–56, 2003.

[78] G. Lee & W. Xia, “Toward Agile: An integrated analysis of quantitative and qualitative field data on software development agility” in MIS Quarterly Vol. 34 No. 1, pp. 87-114, 2010.

[79] T.R. Leishman & J. VanBuren, “The Risk of Not Being Risk Conscious: Software Risk Management Basics”, STSC Seminar Series, Hill AFB, UT, 2003.

[80] A. Mackenzie & S. Monk, “From Cards to Code: How Extreme Programming Re-Embodies Programming as a Collective Practice” in Computer Supported Cooperative Work 13, Printed in the Netherlands: Kluwer Academic Publishers, pp.91–117, 2004.

[81] A.S.C. Marçal, B.C.C. de Freitas, F.S.F. Soares, M.E.S. Furtado & T.M. Maciel, A.D. Belchior, “Blending Scrum practices and CMMI project management process areas” in Innovations Syst Softw Eng 4, Springer-Verlag London Limited, pp. 17–29, 2008.

[82] J. Martin, "Rapid Application Development", New York: MacMillan, 1991. [83] F. McCaffery, J. Burton & I. Richardson, “Risk management capability model for the development of

medical device software” in Software Qual J 18, Springer Science+Business Media, LLC., pp.81–107, 2010. [84] G.J. McLachlan, Discriminant analysis and statistical pattern recognition, Willey-Interscience Pub.,

1992.

32

[85] J.W. Meritt, “Risk Management”, Computer Security Division - Computer Security Resource Center, 2010.

[86] S.C. Misra, V. Kumar & U. Kumar, “Different techniques for risk management in software engineering: A review”, Eric Sprott School of Business, Carleton University, Alberta, Canada, 2006.

[87] P.W.G. Morris & H.A. Jamieson, "Translating corporate strategy into project strategy: Achieving corporate strategy through project management", Newton Square, PA: Project Management Institute, 2004.

[88] J. Nielsen, Usability Engineering, Elsevier Inc. 1993, republished in "What Is Usability?" in User Experience Re-Mastered, Elsevier Inc., 2010.

[89] R. O’Brien, “An overview of the methodological approach of action research”, Faculty of Information Studies, University of Toronto, 1998.

[90] S.R. Palmer & J.M. Felsing, “A Practical Guide to Feature-Driven Development”, Upper Saddle River, NJ: Prentice-Hall, 2002.

[91] R. Paredes & E. Chavez, “Using the k-Nearest Neighbor Graph for Proximity Searching in Metric Spaces”, Center for Web Research, Dept. of Computer Science, University of Chile and Escuela de Ciencias Fisico-Matematicas, Univ. Michoacana, Morelia, Mich. Mexico, 2010.

[92] K. Petersen & C. Wohlin, “The effect of moving from a plan-driven to an incremental software development approach with agile practices. An industrial case study”, Empir Software Eng 15, Springer Science+Business Media, LLC., pp. 654–693, 2010.

[93] R. Pichler, "Collaborating in the Sprint Meetings" in Agile product management with Scrum: creating products that customers love, Addison-Wesley, ISBN 978-0-321-60578-8, 2010, pp. 97-109.

[94] M. Pikkarainen & A. Mäntyniemi, "An Approach for Using CMMI in Agile Software Development Assessments: Experiences from Three Case Studies", VTT Technical Research Centre of Finland, SPICE conference, 2006.

[95] PMBOK® Guide – Fourth Edition, “A guide to the Project Management Body of Knowledge”, Project Management Institute, Inc., 2010.

[96] M.I. Podean, D. Benţa & C, Mircean, "Overlapping boundaries of the project time management and project risk management", SICOMAP2010, Informatica Economica Journal, Bucharest: INFOREC Association, 2010.

[97] S. Prakash, S.S. Bhowmick, K.G. Widjanarko & C.F. Dewey Jr., “Efficient XML Query Processing in RDBMS Using GUI-Driven Prefetching in a Single-User Environment”, R. Kotagiri et al. (Eds.): DASFAA 2007, LNCS 4443, Springer-Verlag Berlin Heidelberg, pp. 819–833, 2007.

[98] PRM-PMI®, “Practice standard for Project Risk Management”, Newtown Square, Pennsylvania, USA: Project Management Institute, Inc., 2009.

[99] G. Purdy, “Raising the standard - The new ISO Risk Management Standard”, Society for R. Analysis, Wellington Meeting, 2009.

[100] C.E. Ries, “Enterprise Risk Management: Applications of Economic Modeling and Information Technology”, Mind & Society, 4, Vol. 2, Rosenberg & Sellier, Fondazione Rosselli, pp. 1-8, 2001.

[101] B.B. Roberts, “Lessons-learned: round 2”, INCOSE Proceedings of Symposium on Risk Management, 3, 2001.

[102] W. Royce, "Managing the Development of Large Software Systems", Proceedings of IEEE WESCON, The Institute of Electrical and Electronics Engineers, pp.1-9, 1970.

[103] M.L. Rusu, S. Kleinhempel & D. Benta, "Individual versus collaborative decision for analyzing companies performance", 6th International Seminar on the Quality Management in Higher Education, CETEX, 978-973-662-567-1, “ISI Web of Knowledge” ISI Proceedings Database, P. 683-686, 2010.

[104] J. Sankaranarayanan, H. Samet & A. Varshney, “A Fast k-Neighborhood Algorithm for Large Point-Clouds”, Eurographics Symposium on Point-Based Graphics, 2006.

[105] K. Schwaber and M. Beedle, “Agile Software Development with Scrum”, Upper Saddle River, NJ: Prentice-Hall, 2002.

[106] P. Sen, G. Namata, M. Bilgic, & L. Getoor, “Collective Classification in Network Data”, Technical Report CS-TR-4905 and UMIACS-TR-2008-04, 2008.

[107] P. Sfetsos, L. Angelis and I. Stamelos, “Investigating the extreme programming system-An empirical study”, Empir Software Eng11, Springer Science + Business Media, Inc., pp.269–301, 2006.

[108] T. Sharot, A.M. Riccardi, C.M. Raio & E.A. Phelps, ”Neural mechanisms mediating optimism bias”, Nature 450 (7166), 2007.

[109] C. P. Simion & V. Radu, “Abordări ale managementului riscului proiectelor în ghidurile şi standardele internaţionale”, Abordări moderne în managementul şi economia organizaţiei, ASE Bucureşti, 2008.

[110] H.A. Simon, “Rational Decision Making in Business Organizations”, The American Economic Review, 69 (4), pp.493-513, 1979.

[111] C. Smallman, “Knowledge Management as Risk Management: A Need for Open Governance?”, Risk Management, Vol. 1, No. 4, Palgrave Macmillan Journals, pp.7-20, 1999.

[112] D. Smith & M. Fischbachera, “The changing nature of risk and risk management: The challenge of borders, uncertainty and resilience”. Risk Management 11, pp.1–12, 2009.

33

[113] M. F. Smith, "Software Prototyping: Adoption, Practice and Management", London: McGraw-Hill, 1991.

[114] V. Smith, “Bentley Expert Designer: A New Paradigm in Ease of Use”, Bentley Systems, Incorporated, 2005.

[115] L. Spedding & A. Rose, “Business Risk Management”, Handbook, Elsevier, pp.2-70, 2008. [116] J. Stapleton, “Dynamic systems development method – The method in practice”, Addison Wesley

Longman, 1997. [117] C.J. Stone, “Consistent nonparametric regression (with discussion)”, Ann. Statist. 5, pp. 595-645, 1977. [118] G. Stoneburner, A. Goguen & A. Feringa, “Risk Management Guide for Information Technology

Systems”, Recommendations of the National Institute of Standards and Technology, 2002. [119] R. Subramanyam, F.L. Weisstein & M.S. Krishnan, “User Participation in Software Development

Projects”, vol. 53/3 in Communications of the ACM, pp.137-141, 2010. [120] G.I. Susman, “Action research: A sociotechnical system perspective” in Ed. G. Morgan, Beyond

Method: Strategies for social research, London: SAGE Publications, 1983. [121] H. Takeuchi and I. Nonaka, “The New Product Development Game”, Harvard Business, pp.137–146,

Review Jan/Feb, 1986. [122] K.W. Thomas, "Conflict and negotiation processes in organizations" in D. Dunnette & L. M. Hough

(Eds.), Handbook of industrial & organizational psychology (2nd ed.. Vol. 3, pp. 651-717). Palo Alto, CA: Consulting Psychology Press, 1992.

[123] B.W. Tuckman, "Developmental Sequence in Small Groups", Psychological Bulletin, Volume 63, Number 6, pp. 284-299, 1965.

[124] K. Beck, M. Beedle, A. van Bennekum, A. Cockburn, W. Cunningham, M. Fowler, J. Grenning, J. Highsmith, A. Hunt, R. Jeffries, J. Kern, B. Marick, R.C. Martin, S. Mellor, K. Schwaber, J. Sutherland & D. Thomas, Principles behind the Agile Manifesto, Available on-line: http://agilemanifesto.org /iso/en/principles.html, [Accessed 05 Nov., 2010].

[125] Association for Project Management, Available on-line: http://www.apm.org.uk/, [Accessed 02 Nov., 2010].

[126] CMMI | Overview, Available on-line: http://www.sei.cmu.edu/cmmi/ [Accessed on 02 of April, 2011] [127] Selecting a Development Approach, Centers for Medicare & Medicaid Services, Office of Information

Services, Department of Health & Human Service, USA, Original Issuance: February 17, 2005, Revalidated: March 27, 2008, Available on-line: http://www.cms.gov/SystemLifecycleFramework/Downloads/ SelectingDevelop mentApproach.pdf, [Accessed 10 Sept., 2010].

[128] United States House of Representatives, 111th Congress, 2nd Session, U.S. House of Representatives, Systems Development Life-Cycle Policy, Executive Summary, Available on-line: http://www.house.gov/cao-opp/ref-docs/SDLCPOL.pdf, [Accessed 10 Oct., 2010].

[129] MATLAB Central - File detail - K Nearest Neighbors, Available on-line: http://www.mathworks. com/matlabcentral/fileexchange/15562-k-nearest-neighbors, [Accessed 10 Oct., 2010].

[130] NIST.gov - Computer Security Division - Computer Security Resource Center, James W. Meritt, Risk Management, Available on-line: http://csrc.nist.gov /nissc/1998/proceedings/paperE5.pdf [Accessed November 17, 2010].

[131] PMI - the World’s Leading Professional Association for Project Management, Available on-line: http://www.pmi.org/, [Accessed 02 Nov., 2010].

[132] PRINCE2 Foundation - PRINCE2 Practitioner Project Management Training - ILX Group plc, UK - worldwide, Available on-line: http://www.prince2.com/, [Accessed 01 Nov., 2010].

[133] Project Management Lessons Learned, U.S. Department of Energy, Washington, D.C. 20585, Available on-line: http://www.science.doe.gov /opa/PDF/g4133-11%20Lessons%20Learned.pdf, [Accessed 04 Nov., 2010].

[134] J. Spolsky, Figuring out what they expected, Available on-line: http://www.joelonsoftware. com/uibook/chapters/fog0000000058.html, [Accessed November 15, 2010].

[135] The Institute of Risk Management, Available on-line: http://www.theirm.org/ publications/documents/Risk_Management_Standard_030820 .pdf, (Accessed 01 Mar., 2011).

[136] University of California | Office of the President, Accessed 02 Nov 2010, Available on-line: http://www.ucop.edu/riskmgt/erm/documents/asnzs4360_2004_ tut_ notes.pdf, [Accessed 28 Oct., 2010].

[137] T. Yang, J. Liu, L. McMillan & W. Wang, “A Fast Approximation to Multidimensional Scaling”, University of Chapel Hill at North Carolina, 2010.